We had a misunderstanding there and used for each of us a user for the
web interface and a client for knife (for a long time). This made no
problems, until we started using chef-vault which then got confused (and
preferred the user’s certificate).

So I recommend you to only use a user for your admins.
(I don’t know, if there’s anywhere such an official recommendation)